On Wed, Oct 12, 2022 at 10:41:36 -0400, Wietse Venema wrote:
> local_header_rewrite_clients = permit_mynetworks, permit_sasl_authenticated
>
> Why it isn't the default I cannot remember.
The HISTORY file says it is:
> 20041014-23
>
> Postfix still appends $@myorigin or .$mydomain to headers
> from the Postfix sendmail command, or from clients listed
> with the new local_header_rewrite_clients parameter (default:
> permit_mynetworks, permit_sasl_authenticated).
although the actual default is (and always has been?) permit_inet_interfaces.
"permit_mynetworks" has the (documented) drawback that remote mail forwarded
by a neighbouring system can still be rewritten (and thus break signatures).
My personal preference is permit_inet_interfaces, permit_sasl_authenticated,
neither of these should cause false positives.
Geert
